One was minor (not rolling the ip optional field length into
pskb_may_pull check). The second was not minor; we weren't
appropriately calling pskb_may_pull to check if the iph + icmph + ipod secret
was in a linear buf... and then we finally ran across a driver for which
the ipod secret did not fully fit in the first skb buffer chunk... so
linearization was actually necessary.
Another way that has been suggested to fix the potential bugs that arise
from linearization, the use of skb_header_pointer, isn't the most
desirable option in this case, since it costs more stack memory *for
each* input ICMP packet (and nearly 100% of the time, it's not an ipod
and we don't care).